61pc of firms have experienced a cyberattack in the past year

While the number of companies that report experience cyberattacks has risen, so too has the number that have a dedicated cybersecurity role in place in their firm.

The latest edition of the Hiscox Cyber Readiness report – based on surveys of public and private sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands – has found that as many as 61pc of firms report suffering one or more cyberattacks in the last year.

The international study released by insurer Hiscox set out to analyse companies’ cybersecurity strategy and execution. It found that the rate of cyberattacks has increased sharply, up 45pc since the 2018 report was released.

Large firms reported losing, on average, as much as £551,000 in cyberattacks, up from £128,000 last year. Among all firms, average losses arising from cyberattacks rose from £180,000 last year to £291,000 this year. Additionally, only 10pc of firms were ranked as ‘expert’ in their strategy versus the 74pc that were ranked as ‘novices’.

“This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyberattacks in the past 12 months,” explained Gareth Wharton, Hiscox Cyber CEO.

“Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today. The one positive is that we see more firms taking a structured approach to the problem.”

The report also found that supply chain incidents are now commonplace, with almost two-thirds (65pc) having experience cyber-related issues in this sphere in the past 12 months.

Defined cybersecurity roles

One cause for optimism, the report continued, is that the proportion of firms with no defined role for cybersecurity has halved in the past year, reducing from 32pc to 16pc. There has also been a marked decrease in the number of respondents saying that they made no changes in the aftermath of a cyber incident, reducing from 47pc to 32pc.

The implementation of GDPR in Europe has also led to widespread changes, with 84pc of firms on the European continent saying they have brought in new practices in order to comply with the regulation. In the UK, that figure is at 80pc.